UnboundID Identity Data Store Command-Line Tool Reference

Identity Data Store Documentation Index
Command-Line Tool Reference Home

export-ldif

Description

Export data from an Identity Data Store backend in LDIF format.

To export data from a remote Identity Data Store, the Identity Data Store must be running and connection parameters must be supplied. You can specify options to include or exclude specific attributes and branches of the tree, and to include or exclude entries matching a given filter. The data may be appended to an existing file instead of overwriting it, and the output may be optionally compressed.

This tool features both an offline mode of operation as well as the ability to schedule an operation to run within the Identity Data Store's process. To schedule an operation supply LDAP connection options that allow this tool to communicate with the server through its task interface. Tasks can be scheduled to run immediately or at a later time (see Task Scheduling Options below). Once scheduled, tasks can be managed using the manage-tasks tool.

WARNING: Processing an LDIF export as a task does not provide any assurance that the resulting LDIF file represents any specific point in time. Some of the entries written to the LDIF file may include changes processed after the LDIF export was started, which may cause difficulty in attempts to import the LDIF file and/or re-synchronize the data with other servers in the replication topology. It is strongly recommended that LDIF exports of local DB backends be performed using the export-ldif tool in non-task mode, which guarantees that the resulting LDIF file will represent the state of the data as it appeared at the time the export was started and will not include any changes made to the data while the export is in progress.

Examples

Export all data from the userRoot backend of the local Identity Data Store into the file 'userRoot.ldif'. The Identity Data Store may be running or stopped:

export-ldif --backendID userRoot --ldifFile userRoot.ldif

Export data under a specific branch from the userRoot backend of the local Identity Data Store into a compressed file. Operational attributes are excluded from the exported data, and long lines are wrapped at column 80. The Identity Data Store may be running or stopped:

export-ldif --backendID userRoot --ldifFile userRoot.ldif.gz --compress \
     --includeBranch ou=people,dc=example,dc=com --excludeOperational \
     --wrapColumn 80

Invoke a task to export all data from the userRoot backend of the Identity Data Store into a file on the server's file system. The Identity Data Store may be remote and it must be running:

export-ldif --task --hostname server1 --port 389 \
     --bindDN uid=admin,dc=example,dc=com --bindPassword password \
     --backendID userRoot --ldifFile userRoot.ldif

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

Arguments

-V
--version

Description

Display Identity Data Store version information

-H
--help

Description

Display general usage information

--help-ldap

Description

Display help for using LDAP options

--help-sasl

Description

Display help for using SASL options

--help-debug

Description	Display help for using debug options
Advanced	Yes

-Z
--useSSL

Description

Use SSL for secure communication with the server

-q
--useStartTLS

Description

Use StartTLS to secure communication with the server

--useNoSecurity

Description

Use no security when communicating with the server

-h {host}
--hostname {host}

Description	Identity Data Store hostname or IP address
Default Value	localhost
Required	No
Multi-Valued	No

-p {port}
--port {port}

Description	Identity Data Store port number
Default Value	389
Required	No
Multi-Valued	No

-D {bindDN}
--bindDN {bindDN}

Description	DN used to bind to the server
Default Value	cn=Directory Manager
Required	No
Multi-Valued	No

-w {bindPassword}
--bindPassword {bindPassword}

Description	Password used to bind to the server
Required	No
Multi-Valued	No

-j {bindPasswordFile}
--bindPasswordFile {bindPasswordFile}

Description	Bind password file
Required	No
Multi-Valued	No

-o {name=value}
--saslOption {name=value}

Description	SASL bind options
Required	No
Multi-Valued	Yes

-X
--trustAll

Description

Trust all server SSL certificates

-P {trustStorePath}
--trustStorePath {trustStorePath}

Description	Certificate trust store path
Required	No
Multi-Valued	No

-K {keyStorePath}
--keyStorePath {keyStorePath}

Description	Certificate key store path
Required	No
Multi-Valued	No

-W {keyStorePassword}
--keyStorePassword {keyStorePassword}

Description	Certificate key store PIN
Required	No
Multi-Valued	No

-u {keyStorePasswordFile}
--keyStorePasswordFile {keyStorePasswordFile}

Description	Certificate key store PIN file
Required	No
Multi-Valued	No

-N {nickname}
--certNickname {nickname}

Description	Nickname of the certificate for SSL client authentication
Required	No
Multi-Valued	No

--useAdministrativeSession

Description

Attempt to use an administrative session to have operations processed on a dedicated pool of worker threads. This may be useful when trying to diagnose problems in a server that is unresponsive because all normal worker threads are busy processing other requests

--propertiesFilePath {propertiesFilePath}

Description	Path to the file that contains default property values used for command-line arguments
Required	No
Multi-Valued	No

--usePropertiesFile

Description

Specify that a properties file will be used to get default command-line argument values

--script-friendly

Description

Use script-friendly mode

--task

Description

Indicates that this tool should be invoked as a task which runs inside the Identity Data Store rather than as a separate process. At present, this argument is optional, but in a future release it may be required for running as a task

-t {startTime}
--start {startTime}

Description	Indicates the date/time, expressed in format 'YYYYMMDDhhmmss', when the operation starts when scheduled as a server task. A value of '0' causes the task to be scheduled for immediate execution. When this option is specified, the operation is scheduled to start at the specified time, after which this utility will exit immediately
Required	No
Multi-Valued	No

--completionNotify {emailAddress}

Description	Email address of a recipient to be notified when the task completes. This option may be specified more than once
Required	No
Multi-Valued	Yes

--errorNotify {emailAddress}

Description	Email address of a recipient to be notified if an error occurs when this task executes. This option may be specified more than once
Required	No
Multi-Valued	Yes

--dependency {taskID}

Description	ID of a task upon which this task depends. A task will not start execution until all its dependencies have completed execution
Required	No
Multi-Valued	Yes

--failedDependencyAction {action}

Description	Action this task will take should one of its dependent tasks fail. The value must be one of the following: PROCESS,CANCEL,DISABLE. If not specified, the default value is CANCEL
Required	No
Multi-Valued	Yes

-Q
--quiet

Description

Use quiet mode

-l {ldifFile}
--ldifFile {ldifFile}

Description	Path to the LDIF file to be written
Required	Yes
Multi-Valued	No

-a
--appendToLDIF

Description

Append an existing LDIF file rather than overwriting it

-n {backendName}
--backendID {backendName}

Description	Backend ID for the backend to export
Required	Yes
Multi-Valued	No

-b {branchDN}
--includeBranch {branchDN}

Description	Base DN of a branch to include in the LDIF export
Required	No
Multi-Valued	Yes

-B {branchDN}
--excludeBranch {branchDN}

Description	Base DN of a branch to exclude from the LDIF export
Required	No
Multi-Valued	Yes

-i {attribute}
--includeAttribute {attribute}

Description	Attribute to include in the LDIF export
Required	No
Multi-Valued	Yes

-e {attribute}
--excludeAttribute {attribute}

Description	Attribute to exclude from the LDIF export
Required	No
Multi-Valued	Yes

-I {filter}
--includeFilter {filter}

Description	Filter to identify entries to include in the LDIF export
Required	No
Multi-Valued	Yes

-E {filter}
--excludeFilter {filter}

Description	Filter to identify entries to exclude from the LDIF export
Required	No
Multi-Valued	Yes

-O
--excludeOperational

Description

Exclude operational attributes from the LDIF export

-R
--excludeReplication

Description

Exclude replication related attributes and entries from the LDIF export

-S
--excludeSoftDelete

Description

Exclude soft delete entries from the LDIF export

--wrapColumn {wrapColumn}

Description	Column at which to wrap long lines (0 for no wrapping)
Lower Bound	0
Default Value	0
Required	No
Multi-Valued	No

-c
--compress

Description

Compress the LDIF data as it is exported using gzip compression

-y
--encryptLDIF

Description

Encrypt the LDIF data as it is exported

-s
--sign

Description

Sign the contents of the LDIF file

--logFilePath {logFilePath}

Description	Echo the console output to the specified log file, instead of the default '/logs/tools/ds-tool.log' file
Required	No
Multi-Valued	No